Corkerns.com was hacked with an exploit that inserted a link to a malware site. I discovered it by a malware warning that Safari threw up when I went to Corkerns.com. When I went to Firefox, there was no warning, so I first thought it was a bogus Safari warning . I overrode the warning and used the Activity window on Safari to view the list of files open from the website. A file named txx was open, inserting a redirect to another IP address that hosted bad shtuff!
Next, I went back to Firefox and viewed a list of open javascripts, since that would be the most likely way to attack the site. A javascript was being blocked automatically by Firefox since it originated at a different site (e.g., not at corkerns.com). Therefore, Firefox was protecting me all along.
I then downloaded all the javascript on the website and searched through it for the malware link that sent you to the rogue site. I couldn’t find anything, so next I replaced all the WordPress code with the latest version. That did the trick and wiped out the bad code.
I’ve never been one to upgrade Corkerns.com immediately upon release of a new WordPress version, but I may rethink that strategy.